Why Healthcare Software Is Different
Building software for hospitals is not like building SaaS. Every design decision carries clinical implications. A bug in an inventory system costs you money. A bug in a medication management system can cost a life.
This constraint shapes everything — from how we structure data access to how we deploy updates.
Core Architecture: Branch-Isolated Multi-Tenancy
Hospital OS serves multiple hospital branches under one system. The critical requirement: patient data from Branch A must never be accessible to Branch B, even for admin users.
Our solution: row-level security (RLS) in PostgreSQL, enforced at the database layer — not the application layer. Application-level authorization can have bugs. Database-level RLS cannot be bypassed by a code defect.
CREATE POLICY branch_isolation ON patients
USING (branch_id = current_setting('app.current_branch')::int);Every database session sets app.current_branch on connection. Queries that attempt cross-branch access return zero rows, not an error — which prevents information leakage about whether records even exist.
AI-Assisted Clinical Notes
The highest-ROI AI feature in Hospital OS is not diagnostic AI (too high-stakes, too regulated) — it's clinical note summarization.
Physicians spend 35-40% of their time on documentation. Our implementation:
- 1.Physician dictates or types raw notes
- 2.Semantic Kernel processes through a GPT-4o-mini pipeline (not frontier — fast and cheap for summarization)
- 3.Structured SOAP note generated, presented for physician review
- 4.Physician approves with one click — full audit trail maintained
The key compliance design: AI output is always a draft requiring human approval. The audit log shows who approved what and when. This satisfies HIPAA's "minimum necessary" and audit control requirements.
HL7 FHIR Integration
For lab systems and external referrals, Hospital OS exposes a FHIR R4-compliant API. Implementation considerations:
| Requirement | Implementation |
|---|---|
| Patient identity | FHIR Patient resource with local + national ID |
| Lab results | FHIR Observation with LOINC codes |
| Prescriptions | FHIR MedicationRequest |
| Referrals | FHIR ServiceRequest |
FHIR integration enables Hospital OS to connect with national health registries and third-party diagnostic labs without custom integrations.
Deployment: Zero-Downtime Updates
Hospitals cannot have maintenance windows. Our deployment model:
- ◆Blue-green deployment via Azure App Service deployment slots
- ◆Database migrations run as backward-compatible additive changes only — no column drops, no renames in production
- ◆Feature flags control rollout of new functionality
The rule: every deployment must be reversible within 60 seconds.
What We'd Do Differently
In retrospect: we should have invested earlier in a comprehensive test suite that mirrors production data patterns. Healthcare data is complex — edge cases that seem impossible in testing are common in production.